package com.jxgyl.common.util;

import cn.hutool.core.util.StrUtil;

import java.util.Locale;

/**
 * @program: middleplatform
 * @description:
 * @author: Wanglipeng
 * @create: 2022-01-24 10:54
 **/
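/**
 * Denylist heuristic for spotting SQL keywords in free-text input.
 *
 * <p>Security note: this is a defence-in-depth filter, not an injection control.
 * It only matches keywords that sit next to a plain space, so a payload that
 * uses tabs, newlines or inline comments ({@code 1/**&#47;or/**&#47;1=1}) is not
 * caught, and it rejects ordinary words such as "and", "or", "by", "use",
 * "from" and "like". The real control is a {@code PreparedStatement} with bound
 * parameters; callers must not rely on this class to make string-built SQL safe.
 */
public class SqlEncodeUtil {

    /**
     * Keywords that are rejected when they appear with a space immediately
     * before or after them. Kept lowercase because the input is lowercased
     * before matching.
     */
    private static final String[] BAD_STR = {
            "and", "exec", "execute", "insert", "select", "delete", "update",
            "count", "chr", "mid", "master", "truncate", "char", "declare", "sitename",
            "net user", "xp_cmdshell", "or", "create", "drop", "table", "from",
            "grant", "use", "group_concat", "column_name", "information_schema.columns",
            "table_schema", "union", "where", "order", "by", "like", "%"
    };

    /**
     * Substrings rejected anywhere in the input, regardless of surrounding
     * spaces. Package-private name/visibility preserved for existing callers.
     */
    static String[] illegalCharacterSetStr = {
            "*"
    };

    /**
     * Checks a parameter value against the keyword and character denylists.
     *
     * <p>A keyword from {@link #BAD_STR} counts only when a single space is
     * adjacent to it on at least one side ({@code "1 or 1=1"} fails,
     * {@code "android"} passes). Anything in {@link #illegalCharacterSetStr}
     * fails wherever it occurs. Matching is case-insensitive via
     * {@link Locale#ROOT}, so the result does not change with the JVM's
     * default locale.
     *
     * @param value the raw parameter to check; {@code null} and blank strings
     *              are treated as safe
     * @return {@code true} if no denylisted token was found, {@code false} if
     *         the value contains a risky token
     */
    public static boolean isPassSqlInjection(String value) {
        // Null or whitespace-only input carries nothing to match; short-circuit
        // with the same result the loops below would produce.
        if (value == null || value.trim().isEmpty()) {
            return true;
        }
        // Locale.ROOT is deliberate: the default-locale toLowerCase() maps 'I'
        // to dotless 'ı' under Turkish/Azeri locales, so "INSERT"/"UNION" would
        // never equal the lowercase entries in BAD_STR and would slip through.
        String lowered = value.toLowerCase(Locale.ROOT);

        for (String bad : BAD_STR) {
            // Space-bounded on either side; the original third clause
            // ("" + bad + " ") was identical to the first and has been dropped.
            if (lowered.contains(bad + " ") || lowered.contains(" " + bad)) {
                return false;
            }
        }
        for (String bad : illegalCharacterSetStr) {
            if (lowered.contains(bad)) {
                return false;
            }
        }
        return true;
    }
}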
